einundzwanzig/einundzwanzig-verein
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-nostr.git synced 2026-05-22 12:05:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): route all nostrLoggedIn listeners through signed-event verification

Browse Source 
The previous commit only updated auth-button + the WithNostrAuth trait,
but six Volt pages (profile, benefits, election/*, members/admin) carry
their own handleNostrLoggedIn(string $pubkey) handlers. The dispatched
payload is now an array, so Livewire's container could not resolve the
string parameter and threw BindingResolutionException on every login.

- All six per-page handlers now accept the signed event and route it
  through NostrAuth::loginWithSignedEvent() like the trait does.
- NostrAuth: add currentOrIssueChallenge() so the sidebar + navbar
  auth-button mounts share one live session challenge instead of
  overwriting each other.
- verifySignedEvent: pass a normalized stdClass to swentel's verify()
  directly, skipping an unnecessary json_encode + json_decode round-trip.
- auth-button: gate the global Escape/Tab capture so it only intercepts
  keys while the overlay is actually visible.
- Update three test files that still called handleNostrLoggedIn with a
  raw pubkey to authenticate via NostrAuth::login() instead.
This commit is contained in:
HolgerHatGarKeineNode
2026-05-20 01:51:31 +02:00
parent 6bb7d93d1d
commit 52cf81abca
11 changed files with 68 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resources/views/livewire/association/benefits.blade.php
+2 -2
View File
@@ -109,9 +109,9 @@ new class extends Component
Flux::toast('Watchtower-Adresse in die Zwischenablage kopiert!');
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
NostrAuth::login($pubkey);
NostrAuth::loginWithSignedEvent($signedEvent);
$this->mount();
}
resources/views/livewire/association/election/admin.blade.php
+2 -2
View File
@@ -60,9 +60,9 @@ new class extends Component {
}
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
NostrAuth::login($pubkey);
$pubkey = NostrAuth::loginWithSignedEvent($signedEvent);
$this->currentPubkey = $pubkey;
$this->currentPleb = \App\Models\EinundzwanzigPleb::query()
resources/views/livewire/association/election/index.blade.php
+2 -2
View File
@@ -39,9 +39,9 @@ new class extends Component {
}
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
NostrAuth::login($pubkey);
$pubkey = NostrAuth::loginWithSignedEvent($signedEvent);
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
resources/views/livewire/association/election/show.blade.php
+2 -2
View File
@@ -207,7 +207,7 @@ new class extends Component {
}
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
$executed = RateLimiter::attempt(
'nostr-login:'.request()->ip(),
@@ -219,7 +219,7 @@ new class extends Component {
abort(429, 'Too many login attempts.');
}
NostrAuth::login($pubkey);
$pubkey = NostrAuth::loginWithSignedEvent($signedEvent);
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
resources/views/livewire/association/members/admin.blade.php
+3 -1
View File
@@ -69,8 +69,10 @@ new class extends Component
$this->plebs = $this->loadPlebs();
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
$pubkey = NostrAuth::loginWithSignedEvent($signedEvent);
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first();
resources/views/livewire/association/profile.blade.php
+3 -1
View File
@@ -166,8 +166,10 @@ new class extends Component {
$this->profileForm->nip05Handle = strtolower($this->profileForm->nip05Handle);
}
public function handleNostrLoggedIn(string $pubkey): void
public function handleNostrLoggedIn($signedEvent = null): void
{
$pubkey = NostrAuth::loginWithSignedEvent($signedEvent);
$this->currentPubkey = $pubkey;
$this->currentPleb = EinundzwanzigPleb::query()
->with([
resources/views/livewire/auth-button.blade.php
+6 -3
View File
@@ -21,7 +21,10 @@ new class extends Component
$this->isLoggedIn = NostrAuth::check();
if (! $this->isLoggedIn) {
$this->nostrChallenge = NostrAuth::issueChallenge();
// Sidebar + navbar mount the same component on the same page; using
// currentOrIssueChallenge keeps both rendered data-attributes
// pointing at the same live session value.
$this->nostrChallenge = NostrAuth::currentOrIssueChallenge();
}
}
@@ -87,8 +90,8 @@ new class extends Component
x-bind:aria-busy="nostrLoginInProgress"
aria-labelledby="nostr-login-progress-heading-{{ $location }}"
aria-describedby="nostr-login-progress-description-{{ $location }}"
@keydown.window.escape.prevent.stop
@keydown.window.tab.prevent.stop
@keydown.window.escape="if (nostrLoginInProgress) { $event.preventDefault(); $event.stopPropagation(); }"
@keydown.window.tab="if (nostrLoginInProgress) { $event.preventDefault(); $event.stopPropagation(); }"
x-effect="document.body.style.overflow = nostrLoginInProgress ? 'hidden' : ''"
class="fixed inset-0 z-[100] flex items-center justify-center bg-zinc-950/70 backdrop-blur-md">
<div class="mx-4 w-full max-w-md rounded-2xl bg-white px-8 py-10 text-center shadow-2xl ring-1 ring-zinc-200 dark:bg-zinc-900 dark:ring-zinc-800">